Quote:Malwarebytes v5.2.2.154 component package 1.0.5101

    Features and improvements

        Improved support for Windows 11 24H2 update
        Malwarebytes Free users can now opt in to Beta updates
        Localization updates
        Minor usability improvements
        Removed Trusted Advisor - Other devices feature from dashboard and Trusted Advisor page. We are evaluating improvements to this feature based on user feedback.

    Issues fixed

        Minor UI bugs

Offline: https://downloads.malwarebytes.com/file/mb5_offline
Online: https://downloads.malwarebytes.com/file/mb5-windows

 

Quote:Apple released iOS 18.1.1 and iPadOS 18.1.1, minor updates to the iOS 18 and iPadOS 18 operating systems that debuted earlier in September.

The new software can be downloaded on eligible iPhones and iPads over-the-air by going to Settings > General > Software Update. Apple has also released iOS 17.7.2 for devices that are still running iOS 17.

According to Apple's release notes, the iOS 18.1.1 update provides important security fixes. It is recommended for all users.

Source: Apple Releases iOS 18.1.1 and iPadOS 18.1.1 With Security Fixes - MacRumors

About the security content of iOS 18.1.1 and iPadOS 18.1.1 - Apple Support

Quote:The United States Department of Justice may force Google to sell Chrome. The news comes a few months after the company was found guilty of maintaining an illegal search monopoly.

Well, this is not completely unexpected, I had mentioned this in my previous coverage of the antitrust lawsuit.

Google may be forced to sell Chrome to comply with antitrust laws

A report by Bloomberg (paywalled article) outlines the proposals that the DoJ will be recommending to federal judge, Amit Mehta. He was the judge who had recently deemed Google of illegally monopolizing the search market. Google is preparing an appeal against the ruling, a two-week hearing has been set for April 2025, and the final ruling could be reached by August 2025. But things are about to get much worse for Google, as the tech giant could be forced to part ways with the browser it created 16 years ago, Chrome.

The antitrust agency and States who are suing Google, will also request the imposition of some changes related to the AI industry. Dozens of companies were consulted by Government attorneys as they prepared recommendations for a remedy to make the market more competitive.

The antitrust officials want Google to license the search results and data, and allow websites options to prevent their data from being used for Google's AI products, such as the AI-generated summaries that are being displayed at the top of search results.

The report also mentions that the DoJ thought about an option to force Google to sell off Android, but pulled back from this decision. Now, that doesn't necessarily mean Android is off the radar.

Android could be unbundled

Android users will be aware that the mobile operating system bundles several apps from Google, many people view these as bloatware. Antitrust officials are working on proposals to force Google to split Android from its other products like Search and the Google Play Store. Could this mean that Android phones may offer an experience similar to AOSP (Android Open Source Project) sans Google apps? One requirement that is proposed wants Google to share more information with advertisers, and give them additional control over where their ads appear.

Naturally, Google isn't happy about these proposals. Google’s vice president of regulatory affairs, Lee-Anne Mulholland, said this "radical agenda goes beyond the legal issues in this case", and that it would "harm consumers, developers and American technological leadership.

On a side note, Google seems to be transforming Chrome OS into Android, which seems to indicate that things could be changing rapidly.

Chrome's dominance could come to an end

According to StatCounter, Chrome leads the market with a 66.65% share world-wide, with Apple Safari in second place at 18.09%, followed by Microsoft Edge at 5.26%, and Mozilla Firefox at 2.65%. Those are the global stats. Since the antitrust case is based in the United States, let's take a look at how the browser market in the U.S. is. Spoiler alert, it is not that different. Chrome is at the top with 57.38%, Apple Safari has a 29.31% share, Edge is at the third spot with 6.57%, Firefox is at the fourth place with 3.47%.

Continue Reading...

Quote:We’ve updated the design of our password manager’s mobile version. Storing and managing passwords is now even more convenient.



We’re always working to ensure our products and solutions remain top-tier — both in our own view and in the eyes of independent researchers. We take a comprehensive approach to this, adding new features, combating emerging malware, simplifying migration, and continually enhancing user experience.

Today, we’re excited to introduce a major update to Kaspersky Password Manager for mobile devices. This update will roll out across all app stores throughout November 2024. We’re confident this refresh will make storing and managing passwords, two-factor authentication codes, and encrypted documents even easier. In this article, we’ll cover advanced filtering, search functionality, synchronization, and more.

Highlights

The mobile version of our password manager is celebrating its 10[sup]th[/sup]  anniversary this year (while the desktop version turns 15), and in those 10 years we’ve managed to consolidate all the best features into a single app. In recent years, we’ve been conducting extensive Kaspersky Password Manager user-behavior research and, based on the findings, we’ve completely revamped the navigation in our mobile app.

What’s new:

• The side menu has been replaced with a navigation bar at the bottom of the screen. The product’s core features are now organized into sections.
  
• We’ve created a dedicated section for the in-app search, and improved the search scenarios.
  
• Managing favorite entries is now more convenient; they’re now pinned at the top of the list.
  
• We’ve added a “Sync” button and placed it in a prominent location.
  
• The password generator, import, and security-check features have been grouped into a separate “Tools” section.
  

These changes are available to all Kaspersky Password Manager users on both Android (app version 9.2.106 and later) and iOS (app version 9.2.92 and later).

Navigation bar

All core Kaspersky Password Manager functions are now accessible through the navigation bar at the bottom of the screen.

Updated home screen of Kaspersky Password Manager for iOS (left) and Android (right)

Let’s look at each element of the new bar from left to right.

1. All Entries. This is the main menu – the heart of our password manager.
   
2.  Subscription. Here, you can view your current subscription, including the expiry date and provider. If you don’t have a subscription, you can create or log in to a My Kaspersky account to activate or purchase one.
   
3. Tools. Here, you’ll find the “Password Generator”, “Password Check”, and “Import Passwords” tools. The names speak for themselves. With a single click, you can create strong, unique passwords, check your existing passwords for uniqueness, strength, security, and compromise in data breaches, and import passwords from built-in browser password managers and similar products into our secure vault.
   
4. Search. If you’re an active internet user and have dozens or even hundreds of unique passwords for different accounts saved in Kaspersky Password Manager, simply click on the magnifying glass icon and type just a few characters to quickly find the entry you need.
   
5. Settings. This is where you can enable notifications, change your primary password, configure auto-lock and login methods, choose sorting options, access help resources, check the app version, and log out of your account.
   

Continue Reading...

Quote:Intro

The e-commerce market continues to grow every year. According to FTI consulting, in Q1 2024, online retail comprised 57% of total sales in the US, and it is expected to increase by 9.8% over 2023 by the end of this year. In Europe, 72% of those aged 16–74 buy online, their share growing by the year. Globally, according to eMarketer, e-commerce sales are to reach $6.9 trillion by the end of 2024.

At Kaspersky, we closely monitor the evolving landscape of shopping-related cybersecurity threats. Each year, we track how cybercriminals target this rapidly expanding sector and the challenges they pose to consumers, especially during peak shopping seasons. As shoppers seek the best deals in the run-up to major sales events like Black Friday, cybercriminals and fraudsters gear up to exploit this demand, attempting to steal personal data, funds, and spread malware through deceptive shopping lures.

This report continues the series of annual analyses we’vewe published on Securelist in 2023, 2022 and 2021, which track the evolving landscape of shopping-related cybersecurity threats. In it, we present our findings on the dynamic nature of shopping threats, with a particular focus on the tactics used by cybercriminals during Black Friday, and offer insights into how consumers can stay safe in the face of the growing risks.

Methodology

To assess the current state of the shopping threat landscape, we conduct an annual analysis of various threat vectors. These include financial malware, phishing sites impersonating major global retailers, banks and payment systems, and spam emails that may lead to fraudulent websites or spread malware. This year, we also specifically analyzed the rise of fake mobile applications designed to steal shopping data. The threat data we rely on is sourced from Kaspersky Security Network (KSN), which processes anonymized cybersecurity data shared consensually by Kaspersky users. This report draws on data collected from January through October 2024.

Key findings

• In the first ten months of 2024, Kaspersky identified more than 38 million phishing attacks targeting users of online stores, payment systems, and banks.
  
• As many as 44.41% of these attacks targeted banking service users.
  
• We detected 198,000 Black Friday-themed spam messages in the first two weeks of November.
  
• More than 13 million banking trojan-related attacks were detected in 2024.
  
• Despite the high number, the overall activity of PC banking trojans continues to decline.
  
• Credit card data is widely offered on the dark web, alongside shopping accounts.
  
• Dark web sellers offer Black Friday discounts, just like regular shops.
  

Shopping fraud and phishing

Phishing and scams are among the top threats for online shoppers. Fraudsters often create fake websites, emails or ads that closely resemble those of legitimate retailers. Given that shoppers are often busy or distracted, they may not take the time to carefully review links or emails, which makes them more vulnerable to these threats.

Kaspersky’s automated technologies are designed to detect and prevent various forms of financial phishing and scams that fraudsters run during the Black Friday season, including fake pages that mimic bank websites, payment systems such as PayPal, Visa or Mastercard, and online stores such as Amazon, eBay or AliExpress. These pages may target victims’ login credentials and payment information or trick users into transferring money to the scammers. Additionally, they may also steal other personal details from unsuspecting shoppers.

From January through October 2024, Kaspersky products successfully blocked more than 38,473,274 attempts to access phishing links targeting users of online shopping platforms, payment systems and banks. This represents a significant increase of 24.9% over the same period last year, when 30,803,840 phishing attacks were recorded.

If we break this down, 44.41% of these phishing attempts targeted users of banking services, 18.01% mimicked payment systems, and 37.5% attempted to impersonate e-shops. Notably, there has been a shift in the types of targets. While last year online store impersonation accounted for the largest share (43.47%), this year, attacks targeting banking users became prevalent, increasing slightly from 35.19%.

 

Although the share of online store phishing and scams dropped insignificantly against 2023, the overall number of detected attempts to follow a phishing link grew slightly from roughly 13 million to 14,428,512. The top brands mimicked by the scammers remained the same as in the previous year, however, our analysis revealed that the overall number of phishing attacks per examined platform in 2024 appeared somewhat lower than in 2023. Given the growth in the number of all online store-themed phishing attempts, this may mean that the attacks have become more targeted and region-specific or that the number of platforms mimicked by the fake sites has increased.

Continue Reading...

Quote:GB200 NVL4 is a platform with Blackwell GPU and Grace CPU

NVIDIA has several announcements at Supercomputing 2024



NVIDIA has announced that its H200 NVL processors are now available, which is a PCIe Express version of the Hopper accelerator. This is a slightly slower version than the SXM version, which might support a TDP of up to 700W. The PCIe version is limited to 600W. This, of course, means that the GPU will be slower in computing, but the important fact is that it retains the same memory bandwidth of 4.8 TB/s.

The quad-GPU solution is possible through a special NVLink bridge supporting an interconnect speed of 900 GB/s per GPU. Of course, such GPUs can only be used in several chassis because these cards have no active cooling system, and cooling down 600W of heat is not simple.


GB200 NVL4, Source: NVIDIA

NVIDIA is also introducing a new platform called GB200 NVL4, which is a single board equipped with four Blackwell GB200 accelerators and two Grace GPUs. Each processor is connected through NVLink, and all of them offer a combined 768GB of HBM3 memory and 32 TB/s of memory bandwidth. The Grace CPUs have their own system memory based on LPDDR5X technology, with a total capacity of 960 GB.

NVIDIA claims that their GB200 GPUs will be 2.2x faster and 1.8x quicker training compared to NVIDIA GH200 NVL4. 
Perhaps the most interesting metric is the power consumption, expected to be 5400W.

Continue Reading...

Quote:Five dead simple tips to greatly improve your defenses against cybercriminals.

From kids to retirees, no one is safe from cybercrooks. And if you’re always putting cybersecurity on hold because it all seems so daunting, our five dead-simple tips are just the ticket. Each of them will greatly beef up your protection against the most common cyberthreats. We compiled this post as part of INTERPOL’s #ThinkTwice global information campaign to raise awareness of the main cybercrime vectors plus simple but effective ways to counter them.

Automate your passwords

Make all your passwords for both websites and apps long enough (at least 12 characters) and unique (that is, never use them more than once). No one can think up and memorize so many passwords, so use a password manager to create, store and enter them. You’ll only need to come up with and memorize just one (long!) main password for it; everything else — from generating to entering passwords — will be done automatically.

Keep in mind: you need to install the password manager on all your devices to enter passwords easily and safely everywhere. The data will be synched across all your devices. So, having saved a password on your smartphone, you’ll be able to automatically enter it on your desktop, and vice versa. Note that the password manager will let you store in encrypted form not only passwords, but also PINs, full credit card details, addresses, notes, and even document scans.

Pro level: for maximum security, disable biometric login to the password manager — this way you’ll have to enter the main password every time you use the app, but no one will be able to access all your data without knowing the main password (don’t write it on a sticky note, by the way).

Enable double checking

Double checking, or two-factor authentication, protects you from password-stealing hackers who break into your accounts using leaked credentials. Besides the password, they’ll need to enter a one-time code sent to you via a text or an authenticator app.

Although banks enable two-factor authentication (2FA) automatically, in many other online services it remains optional. Wherever your data is even a tiny bit confidential (social networks, messengers, government services, email), we recommend enabling 2FA in the settings, if available.

Keep in mind: There’s usually a choice of how to get one-time codes: by email or text, or by generating them in a special authenticator app on your smartphone. Of these methods, the safest is to use the latter; next come codes via text (they can be intercepted), and the least secure option is codes via email.
With an authenticator app, the only risk is if you lose your smartphone, in which case you’ll also lose access to accounts protected by one-time codes. Here again, Kaspersky Password Manager comes to the rescue: not only does it securely store authentication tokens and generate one-time codes, it also synchronizes them across all your devices. So, if your smartphone is lost or broken, you can easily generate a verification code on any of your other devices, as well as restore all your Kaspersky Password Manager data to a new phone.

Pro level: get yourself a FIDO U2F hardware key — this dongle looks like a tiny flash drive and offers the best protection against hackers.

Continue Reading...

Quote:Introduction

Malicious software poses an ever-increasing threat, not only due to the number of malware programs increasing, but also due to the nature of the threats.

Infection vectors are changing from simple file-based methods to distribution via the Internet. Malware is increasingly focusing on users, e.g. by deceiving them into visiting infected web pages, installing rogue/malicious software or opening emails with malicious attachments. The scope of protection offered by antivirus programs is extended by the inclusion of e.g. URL-blockers, content filtering, cloud reputation systems, ML-based static and dynamic detections and user-friendly behaviour-blockers. If these features are perfectly coordinated with the signature-based and heuristic detection, the protection provided against threats increases.

In this test, all protection features of the product can be used to prevent infection – not just signatures or heuristic file scanning. A suite can step in at any stage of the process – accessing the URL, downloading the file, formation of the file on the local hard drive, file access and file execution – to protect the PC. This means that the test achieves the most realistic way of determining how well the security product protects the PC. Because all of a suite’s components can be used to protect the PC, it is possible for a product to score well in the test by having e.g. very good behavioural protection, but a weak URL blocker. However, we would recommend that all parts of a product should be as effective as possible. It should be borne in mind that not all malware enters computer systems via the Internet, and that e.g. a URL blocker is ineffective against malware introduced to a PC via a USB flash drive or over the local area network.
 
In spite of these technologies, it remains very important that also conventional and non-cloud features such as the signature-based and heuristic detection abilities of antivirus programs continue to be tested. Even with all the protection features available, the growing frequency of zero-day attacks means that some computers will inevitably become infected. As signatures can be updated, they provide the opportunity to recognize and remove malware which was initially missed by the security software. Other protection technologies often offer no means of checking existing data stores for already-infected files, which can be found on the file servers of many companies. Those security layers should be understood as an addition to good detection rates, not as a replacement.
 
The Real-World Protection test is a joint project of AV-Comparatives and the University of Innsbruck’s Faculty of Computer Science and Quality Engineering. It is partially funded by the Republic of Austria.
 
The methodology of our Real-World Protection Test has received the following awards and certifications, including:

• Constantinus Award – given by the Austrian government
  
• Cluster Award – given by the Standortagentur Tirol – Tyrolean government
  
• eAward – given by report.at (Magazine for Computer Science) and the Office of the Federal Chancellor
  
• Innovationspreis IT – “Best Of” – given by Initiative Mittelstand Germany
  

...
Full Article = Real-World Protection Test July-October 2024

Chart = Comparison

Quote:Gmail users had an easy, but mostly superfluous, alias system at their disposal from the very beginning. I mentioned the trick in 2006 for the first time here on this blog. All you have to do is add +text to the username of the email address.

This looks like emailaddress+mytext@gmail.com then. The main idea is that sites do not see the user's main address but a temporary address. The main problem with the approach was that it was dead easy to spot the real email address. All you had to do was remove the +text part from it.

New Gmail Email Alias feature in the works

A report by Android Authority suggests that Google is working on integrating real email alias capabilities into Gmail.

The details:

• The feature is called Shielded Email.
  
• It allows users to use temporary addresses.
  
• These forward emails to the user's real address.
  

Details are scarce at the moment. It appears that the system enables Gmail users to create temporary email addresses. These may then be used for interactions with services on the Internet. The temporary email addresses may be turned off in the Gmail app; this blocks future emails from reaching the inbox.

It is unclear right now which domain or domains the temporary email addresses will use. The following features are commonly found in other services of its kind:

• Support for custom domains.
  
• Ability to reply from a temporary email address.
  

Popular solutions, like the Proton-owned SimpleLogin, support lots of features that add to the functionality. The paid version supports custom domains, catch-all and wildcard domains or PGP encryption. There is also AnonAddy, another crowd-favorite.

Knowing Google, it is perfectly possible that the company is not going to launch Shielded Emails at all, as a test to select users only, or launch it only to pull it at a later point.

Continue Reading...